DefCon Competition has Antivirus Vendors Complaining

DefCon is known for a range of 'out there' activities and presentations, and it looks like this year is going to be no different. A contest being organised on the sidelines of this year's convention is already raising eyebrows and drawing complaints from around the information security industry.

In a nutshell, the aim of the contest is to modify supplied malware samples so that they pass through a number of antivirus scanners without being detected, while still retaining the malware's capability. It could be seen as a polymorphism competition: how much can you change the code and still keep the same function?

What the contest sets out to do is nothing more than what is happening continuously on the Internet, where malware developers are forever fine-tuning their software to avoid detection. It should also expose the antivirus tools that rely on poor signature detection mechanisms, and those whose heuristics for catching previously unseen malware are weak. The big problem for the antivirus developers is that it is possible to drive a truck through the holes in their systems, and it isn't going to take much for competitors to bypass most tools; a static byte-pattern or file-hash signature breaks as soon as the bytes change, even when the behaviour does not. It will be interesting to see how the competition organisers set about increasing the difficulty of each round.
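To make the "change the bytes, keep the function" point concrete, here is an added example written for this page; it is not code from the contest, its organisers or any antivirus vendor. Instead of a real binary it uses a constructed, harmless program for a tiny stack VM (a few two-byte instructions), so the "sample", the signatures and the mutation rules are all assumptions made for illustration. It ships three signature styles a vendor might use for the sample (a byte pattern, a file hash, and the sample's observable behaviour) and then applies two semantics-preserving rewrites of the kind the contest rewards: instruction substitution (`PUSH k; ADD` becomes `PUSH -k; SUB`) and NOP insertion. The byte and hash signatures stop firing; the behavioural one does not.

```python
"""Toy model of why byte-pattern and hash signatures are brittle.

A tiny stack VM stands in for a real executable so the sample is harmless
and entirely constructed here.  Instructions are two bytes: opcode, signed arg.
"""
import hashlib
import random

OPCODES = {"PUSH": 1, "ADD": 2, "SUB": 3, "NOP": 4, "PRINT": 5, "HALT": 6}
NAMES = {v: k for k, v in OPCODES.items()}


def assemble(program):
    """program: list of (mnemonic, arg) tuples -> bytes."""
    out = bytearray()
    for mnemonic, arg in program:
        out.append(OPCODES[mnemonic])
        out.append(arg & 0xFF)  # store the argument as a two's-complement byte
    return bytes(out)


def disassemble(code):
    """bytes -> list of (mnemonic, signed arg)."""
    program = []
    for i in range(0, len(code), 2):
        arg = code[i + 1]
        if arg >= 128:
            arg -= 256
        program.append((NAMES[code[i]], arg))
    return program


def run(code, max_steps=1000):
    """Execute the code and return the values PRINT emitted (its 'behaviour')."""
    stack, output = [], []
    for mnemonic, arg in disassemble(code)[:max_steps]:
        if mnemonic == "PUSH":
            stack.append(arg)
        elif mnemonic == "ADD":
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
        elif mnemonic == "SUB":
            b, a = stack.pop(), stack.pop()
            stack.append(a - b)
        elif mnemonic == "PRINT":
            output.append(stack.pop())
        elif mnemonic == "HALT":
            break
        # NOP: nothing to do
    return output


# Constructed "malware sample": harmless, it just prints 42 and 2.
SAMPLE = assemble([("PUSH", 10), ("PUSH", 32), ("ADD", 0), ("PRINT", 0),
                   ("PUSH", 7), ("PUSH", 5), ("SUB", 0), ("PRINT", 0),
                   ("HALT", 0)])

# Three signature styles a vendor might ship for SAMPLE (assumed for the demo).
BYTE_SIGNATURE = SAMPLE[:6]                 # bytes of PUSH 10; PUSH 32; ADD
HASH_SIGNATURE = hashlib.sha256(SAMPLE).hexdigest()
BEHAVIOUR_SIGNATURE = run(SAMPLE)           # what the sample does: [42, 2]


def byte_scan(code):
    """Static byte-pattern match, the weakest form of signature."""
    return BYTE_SIGNATURE in code


def hash_scan(code):
    """Whole-file hash match: any single-byte change defeats it."""
    return hashlib.sha256(code).hexdigest() == HASH_SIGNATURE


def behaviour_scan(code):
    """Run the code in the VM 'sandbox' and compare what it does, not its bytes."""
    return run(code) == BEHAVIOUR_SIGNATURE


def mutate(code, seed=0):
    """Rewrite code without changing what it computes.

    1. PUSH k; ADD -> PUSH -k; SUB   (a + k == a - (-k))
       PUSH k; SUB -> PUSH -k; ADD
    2. insert NOPs after roughly half the instructions, chosen by `seed`.
    """
    rng = random.Random(seed)
    program = disassemble(code)
    rewritten = []
    i = 0
    while i < len(program):
        mnemonic, arg = program[i]
        nxt = program[i + 1][0] if i + 1 < len(program) else None
        if mnemonic == "PUSH" and nxt in ("ADD", "SUB") and -128 <= -arg <= 127:
            rewritten.append(("PUSH", -arg))
            rewritten.append(("SUB" if nxt == "ADD" else "ADD", 0))
            i += 2
        else:
            rewritten.append((mnemonic, arg))
            i += 1
        if rng.random() < 0.5:
            rewritten.append(("NOP", 0))
    return assemble(rewritten)


if __name__ == "__main__":
    variant = mutate(SAMPLE, seed=1)
    print("original:", SAMPLE.hex(), "byte sig:", byte_scan(SAMPLE), "hash sig:", hash_scan(SAMPLE))
    print("variant: ", variant.hex(), "byte sig:", byte_scan(variant), "hash sig:", hash_scan(variant))
    print("same behaviour:", run(variant) == run(SAMPLE), "behaviour sig:", behaviour_scan(variant))
```

Every seed produces a different variant, and none of them matches the byte or hash signature, because the substitution step alone rewrites the bytes the signature was cut from. The behavioural check still fires on all of them, which is the direction the stronger vendors have had to move in; the catch, not modelled here, is that a real sample can also detect the sandbox and behave differently inside it.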

Antivirus developers are complaining about the competition, though most of the complaints sound like the developers are having a hard time keeping their technology within spitting distance of the malware authors. Complaints or not, it probably won't take long for the competition samples to appear in definition files and in the advertised count of malware types detected. It is strange, though, that competitions like CTF, or the recent 0-day competition (Pwn2Own) at CanSecWest, attract little complaint, but as soon as antivirus or antimalware tools are the target it is too much for people.

It is the latest in a number of interesting competitions where the practical attack value of what is being done is greater than in other contests. It ranks alongside the minuscule-XSS competitions and the archives of XSS / SQL injection vulnerable sites.

28 April 2008

